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AMENDMENTS TO THE CLAIMS 
The listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims 1 

L (Currently Amended) In computer network interconnecting a client system, a 
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a method of negotiating, through the proxy system, a secure end-to-end 
connection between the client system and the server system, wherein the client system securely 
authenticates to the proxy system, the method comprising the acts of: 

receiving a request from the client system for a secure connection between the 
client system and the proxy system; 

establishing a secure connection between the client and proxy systemsUD_which 
at least ihc client is authenticated to t he proxy s.YStgm; 

receiving a request from the client system for a secure end-to-end connection with 

the server system; 

onlyLjJlcL.avU^ the client system request for a 

secure end-to-cud connection to the server system; and 

dovmgrading the seciu^ connection between the client system a3id the proxy 
system to be insecure after the secure end-to-end connection is established, whereby the 
secure end-to-end connection is encapsulated witliin the insecure client-proxy connection^ 
rmd^gn ch that the proxy server does not enc rypt otidecpajLajiy. data sent between Jhe 
clie nt and the scrv^er . 

2. (Original) A method as recited in claim 1 further comprising the acts of: 
issuing an authenticate challenge to the client system; and 

receiving, over the secure client-proxy connection, proper authentication 
credentials from the client system. 
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3. (Original) A method as recited in claim 2 wherein the authenticate challenge 
issued to the client system is one of abasic and a digest authenticate challenge. 

4. (Original) A method as recited in claim 1 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is certificate based. 

5. (Original) A method as recited in claim 4 wherein at least one of the secure 
cHent-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 

6. (Original) A method as recited in claim 1 further comprising the act of 
sending a certificate to die client system, wherein the certificate may be used to verify the 
identity of the proxy system. 

7. (Original) A method as recited in claim 1 fiirther comprising the act of 
receiving proper authentication credentials from the client system, wherein the proper 
authentication credentials received from the client system are certificate based. 

8. (Original) A method as recited in claim 1 further comprising the act of 
transferring data between the client system and the server system through the secure end-to-end 
connection. 

9. (Original) A metiiod as recited in claim 1 wherein downgrading the secure 
connection between the client system and the proxy system to be insecure comprises the act of 
setting Uic cipher set for the connection to be a null cipher. 

10. (Original) A method as recited in claim 1 wherein the request for a secure 
end-to-end connection comprises a hypertext transfer protocol connect request. 

11. (Original) A method as recited in claim 1 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy system. 
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12. (Original) A method as recited in claim 1 wherein at least one connection is 
over the Internet. 

13. (Original) A method as recited in claun 1 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure comiections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 
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14. (Currcnlly Amended) In computer network interconnecting a client system, a 
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a melhod of negotiating, duough the proxy system, a secure end-to^end 
connection between the client system and the server system, wherein the client system securely 
authenticates to tlic proxy system, the mcUiod comprising the acts of: 

sending a request to the proxy system for a secure connection between the client 
system and the proxy system; 

eslabUshtng a secure connection between the client and proxy systems , in wh icli 
^r'A<^i th e chcnt is authcniicatcd to Ihen i- oxv system ; 

sending a request to the proxy system for a secure cnd4o-end connection with the 
seivcr system^ wjiemhijieji^^ 
afLcrjQniUmther^ 

downgrading the secure connection between the client system and the proxy 
system to be insecure after the secure end-to-end connection is established, whereby the 
secure end-to-end connection is encapsulated within the insecure client-proxy comiectioa, 
nrifL_RllClUJ2^^\^ prnvy server doc s not cncrvDt or de crypt an y data se nt betwccn_lbg 
client a nd the s crver> 

15. (Original) A method as recited in claim 14 further comprising the acts of: 
receiving an authenticate challenge from the proxy system; and 
sending, over the secure client-proxy connection, proper authentication 

credentials to the proxy system. 

1 6. (Original) A method as recited in claim 1 5 wherein the authenticate challenge 
received by the client system is one of a basic and a digest authenticate challenge. 

17. (Original) A metliod as recited in claim 14 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is certificate based. 
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18. (Original) A method as recited in claim 17 v/hcrein at least one of the secure 
client-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 

19. (Original) A method as recited in claim 14 further comprising the act of 
receiving a certificate from the proxy system, wherein the certificate may be used to verify the 
identity of the proxy system. 

20. (Original) A method as recited in claim 14 further comprising the act of 
sending proper authentication credentials to the proxy system, wherein the proper authentication 
credentials sent to the proxy system are certificate based . 

21. (Original) A method as recited in claim 14 furtlier comprising the act of 
transferring data to the server system through the secure end-to-end coimection. 

22. (Original) A method as recited in claim 14 wherein dov^mgrading the secure 
connection between the client system and the proxy system to be insecure comprises the act of 
setting the cipher set for the connection to be a null cipher. 

23. (Original) A metliod as recited in claim 14 wherein the request for a secure 
end-to-end connection comprises a hypertext transfer protocol connect request. 

24. (Original) A method as recited in claim 14 wherein the server system 
comprises one of a reverse proxy server system and a forward proxy server system. 

25. (On ginal) A method as recited in cl aim 1 4 wherein al least one connection i s 
over the Internet. 

26. (Original) A method as recited in claim 14 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 
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27. 



(Cuncnlly Amended) In computer network interconnecting a client system, a 
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a method of negotiating, through the proxy system, a secure end-to-end 
connection between the client system and the server system, wherein the client system securely 
authenticates to the proxy system, the method comprising steps for: 

negotiating a secure connection between the client and proxy systenisjn which at 
iragjjhc client is au t henticated to the proxy syslein; 

?f>.M- «..il.»niifiatin fi the chcnt . negotiating a secure end-to-end connection 
between the client and the server system using the secure client-proxy connection; 
altering the secure client-proxy connection so that it is no longer secure; and 
encapsulating the secure end-to-end connection witliin the insecure client-proxy 
n^nn^imn, imd s iich that thc proxv. seivejLd(?es not gncryBLOL dscryjiUmLdata,^ 
betwee n the cl ient andJbe server. 

28. (Original) A method as recited in claim 27 further comprising a step for 
authenticating thc client system to tlie proxy system, wherein the step for authenticating 
comprises an act of either the client system sending or thc proxy system receiving, proper 
authentication credentials including at least one of a basic authenticate challenge response, a 
digest authenticate challenge response, and a certificate. 

29. (Original) A method as recited in claim 27 wherein the step for negotiating a 
secure comiection between thc client and proxy systems comprises the act of the client system 
receiving or thc proxy system sending a certificate, wherein the certificate may be used to verify 
the identity of the proxy system, 

30. (Original) A method as recited in claim 27 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is certificate based. 

31 . (Original) A method as recited in claim 30 wherein at least one of the secure 
client-proxy connection and the secure end-to-end connection is one of a secure sockets layer 
and a transport layer security connection. 
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32. (Original) A method as recited in claim 27 wherein the step for altering the 
secure clicat^proxy conrection comprises the act of setting the cipher set for the connection to be 
a null cipher, thereby downgrading the client-pi-oxy connection to be insecure. 

33. (Original) A method as recited in claim 27 where the step for negotiating a 
secure end-to-end connection comprises the act of either the cUent system sending or the proxy 
system receiving a hypertext transfer protocol connect request. 

34. (Original) A method as recited in claim 27 wherein the server system 
comprises a cascaded proxy system, the server system allowing secure connections, insecure 
connections, or both secure and insecure connections, with one or more other server systems. 
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35. (Currently Amended) In computer network iutercormecting a client system, a 
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a computer program product for implementing a method of negotiating, 
tlirough the proxy system, a secure end-to-end connection belwcca the client system and the 
server system, wherein the client system securely authenticates to the proxy system, comprising: 
a computer readable medium for carrying machine- executable instructions for 

implementing the method; and 

wherein said method is comprised of machine-executable instructions for a proxy 

system performing the acts of: 

receiving a request from the chent system for a secure connection between the 

client system and the proxy system; 

establishing a secure connection between the client and proxy systems Jn . 

^dlichiUJeajLth 

receiving a request from the client system for a secure end-to-end connection 

with the server system; 

onl y after autbenticatinvz the client. forwardiuH the client system request for a 
secure cnd-to-cnd connection to the server system; and 

downgrading the secure connection between the client system and the proxy 
system to be insecure after the secure end-to-end connection is established, whereby 
the secure end-to-end connection is encapsulated within the insecure client-proxy 
connectio n, and such that the prox y server docs not enciypt or decrypt any daU isgnj 
hetwcc a the cll c nl and the sei-yer . 

36. (Original) A computer program product as recited in claim 35, the method 
comprised further of machine-executable instructions for performing the acts of: 

issumg an authenticate challenge to the client system; and 
receiving proper autlientication credentials from the client system. 

37. (Original) A computer program product as recited in claim 36 wherein the 
authenticate challenge issued to the client system is one of a basic and a digest authenticate 
challenge. 
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38. (Original) A computer program product as recited in claim 36, the method 
comprised further of machine executable instructions for pcrfonning the act of sending a 
certificate to the client system, wherein the certificate may be used to verify the identity of the 
proxy system. 

39. (Original) A computer program product as recited in claim 36 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is 
certificate based. 

40. (Original) A computer program product as recited in claim 39 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is one of a 
secure sockets layer and a transport layer security connection. 

41. (Original) A computer program product as recited in claim 35, tlie metliod 
fuither comprised of machine-executable instructions for performing the act of receiving proper 
authentication credentials from the client system, wherein proper authentication credentials 
received from the client system are certificate based. 

42. (Original) A computer program product as recited in claim 35, the method 
furtlier comprised of machine-executable instructions for pcrfoiming the act of trans fenring data 
between the client system and the server system through the secure end-to-end connection. 

43. (Original) A computer program product as recited in claim 35, the method 
comprised further of machine-executable instructions for perfomiing the act of setting the cipher 
set for the secure client-proxy connection to be a null cipher, thereby downgrading tlie 
client-proxy connection to be insecure. 

44. (Original) A computer program product as recited in claim 35 wherein the 
request for a secure end-to-end connection comprises a hypertext transfer protocol connect 
request. 
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45. (Original) A computer program product as recited in claim 35 wherein the 
server system comprises one of a reverse proxy server system and a forwanl proxy server 
system. 

46. (Original) A computer program product as recited in claim 35 wherein at 
least one connection is over the Internet. 

47. (Original) A computer program product as recited in claim 35 wherein die 
server system comprises a cascaded proxy system, the server system allowing secure 
connections, insecure connections, or both secure and insecure connections, ydth one or more 
other server systems. 
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48. (Currently Amended) In computer network interconnecting a client system, a 
proxy system, and a server system, wherein data exchanged over the computer network is subject 
to being compromised, a computer program product for implementing a method of negotiating, 
tiirough the proxy system, a secure end-to-end connection between the eUent system and the 
server system, wherein the client system securely authenticates to the proxy system, comprising: 
a computer readable medium for carrying machine-executable instructions for 

implementing the method; and 

wherein said method is comprised of machine-executable instructions for a client 

system performing the acts of: 

sending a request to the proxy system for a secure connection between the 

client system and the proxy system; 

establishing a secure connection between the client and proxy systemsjn 
ujiinh ai Inast th e client is authenticated to th e nroxYjgystCQi; 

sending a request to the proxy system for a secure end-to-end connection 
with the server ^y.t^'.m whorain the proxy s ystem rorw ayds the rcquestjojho 
-rrvrr 'I'l'itrm '>nlY nT"^- f^^* authenticating the client: and 

downgrading the secure connection between the client system and the 
proxy system to be insecure after the secure end-to-end connection is established, 
whr-.r.-^h v ibK secure er -^-^"-^'"^ onnnt^rt ion is encapsulated within the ins ecure 
Higjt-pmx y connection, -mtl such that tl^^^ proxy seiner does not encrypt o r 
d ccry]it ativ data sent between the client and the server. 

49. (Original) A computer program product as rcciteil in claim 48, the method 
comprised fiirthcr of machine-executable instructions for performing the acts of: 

receiving an authenticate challenge from the proxy system; and 
sending proper authentication credentials to the proxy system. 

50. (Original) A computer program product as recited in claim 49 wherein the 
authenticate challenge received by the client system is one of a basic and a digest autiienticate 
challenge. 
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51. (Orieinal) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of receiving a 
certificate from the proxy system, wherein the certificate may be used lo verify the identity of the 
proxy system, 

52. (Original) A computer program product as recited in claim 48 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is 
certificate based, 

53. (Original) A computer program product as recited in claim 52 wherein at 
least one of the secure client-proxy connection and the secure end-to-end connection is one of a 
secure sockets layer and a transport layer security connection. 

54. (Original) A computer program product as recited in claim 48, the method 
comprised furllier of macliine-executable instructions for performing the act of sending proper 
authentication credentials to the proxy system, wherein the proper authentication credentials sent 
to the proxy system are certificate based. 

55. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of transferring data 
between the client system and the server system through the secure end-to-end connection, 

56. (Original) A computer program product as recited in claim 48, the method 
comprised further of machine-executable instructions for performing the act of setting the cipher 
set for the secure client-proxy connection to be a null cipher, thereby downgrading the 
cUent-proxy connection to be insecure. 
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57. (Original) A coinputer program product as recited in claim 48 wherein the 
rxjquesl for a secure end-to-end connection comprises a hypertext trattsfei- protocol connect 
request. 

58. (Original) A computer program product as recited in claim 48 wherein the 
server system comprises one of a reverse proxy server system and a forward proxy server 
system. 

59. (Original) A computer program product as recited in claim 48 wherein at 
least one comieclion is over the Internet. 

CO. (Original) A computer program product as recited in claim 48 wherein the 
server system comprises a cascaded proxy system, the server system allowing secure 
connections, insecure connections, or both secure and insecure connections, with one or more 
other server systems. 
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